The Australian Government looked to the European experience as a model for its data retention scheme.
In July 2014, Attorney-General Brandis said that data retention ‘is very much the way in which western nations are going’.
No, half of Australians aren’t pirates; librarians are cooking for copyright reform, Hockey has a hefty legal bill, a jeep got hacked remotely, data retention legislation was ruled unlawful in the UK and the Office of the Australian Information Commissioner has been left to shrivel.
That’s just some of the law + tech news from the past week … happy reading.
In July last year, Australia’s Attorney-General, George Brandis, said:
“… I might point out to you as recently as yesterday, the House of Commons passed a new data retention statute. This is very much the way in which western nations are going”.
A month later, in August 2014, Labour MP Tom Watson and the Conservative MP David Davis commenced a judicial challenge against this new data retention statute – the Data Retention and Investigatory Powers Act – known as DRIPA.
DRIPA had been rushed through Parliament in only 4 days by the government, which claimed “emergency” legislation was necessary after the European Court of Justice ruled the EU Directive on Data Retention invalid.
Exactly a year after DRIPA received royal assent on 17 July 2014, in a landmark ruling the High Court upheld this challenge and ruled that the key provision of DRIPA is inconsistent with the rights of privacy enshrined in European Union law and is therefore ‘disapplied’.
As Carly Nyst explained, the court ruled that the UK must comply with European law, which, as set out in the European Court of Justice’s Digital Rights Ireland judgment, forbids blanket data retention measures that are not accompanied by a strict regime regulating access to retained data.
The High Court set out two fundamental flaws with the data retention law:
(Significantly, the High Court’s ruling also noted that: “The need for that approval to be by a judge or official wholly independent of the force or body making the application should not, provided the person responsible is properly trained or experienced, be particularly cumbersome.”)
This extremely lax access regime is very familiar …
In the Australian context, our data retention laws, passed on 26 March this year, similarly do not limit access to communications data to cases involving serious offences.
Nor is access to retained communications data dependent on prior review by a court or an independent administrative body, except in the very limited (and very problematic) case of access to a journalist’s communications data to identify a source.
The order ‘disapplying’ the critical section of DRIPA was stayed until March 2016, to allow time for the Government to remedy the position. Leave to appeal was also granted. Glyn Moody has reported that the Home Office said that it will be appealing against the decision.
Our Attorney-General’s rhetoric that data retention is the way the west is going was, as Stilgherrian pointed out back in November last year, not even true – and it is becoming less true as time goes on. David Anderson, the UK’s Independent Reviewer of Terrorism Legislation, highlighted that yesterday’s ruling “echoed decisions already made by national courts in the Netherlands, Belgium, Austria, Slovenia and Romania, which have themselves recently struck down national data retention laws in obedience to Digital Rights Ireland.”
“It’s a year to the day since Dripa received royal assent. Good governance is about allowing the legislature the room to make law. In this case it didn’t happen. Good opposition is about holding governments to account and that didn’t happen either.
“So we find ourselves in a position where the courts have had to say to parliament go back and start again.”
And with only a month until Australian telcos and internet service providers are required to submit their data retention implementation plans to the Attorney-General’s Department, it’s clear that many of those affected still need guidance on what data is to be retained.
In Australia, we also need to hold our government to account.
[And yes, I’ll need to again update my table setting out the status of data retention laws in the EU]
* See also Lorna Wood’s post from the LSE Media Policy Blog, explaining this ruling and its implications
So while I was overseas … website blocking laws passed in Australia, the #HockeyFairfax judgment was delivered, confusion over implementation of data retention persisted and the e-safety commissioner officially commenced his role on 1 July.
Kashmir Hill was an invisible girlfriend for a month, the debate about access to encrypted data continued and the Atlantic asked who owns your face? That’s just some of the law + tech news from the past few weeks … happy reading.